【51CTO.com快译】大多数情况下有一台JUMP服务器,Linux管理员无需密码即可连接到所有其他Linux系统。
你可以一次连接到多个系统以排除故障。
你在使用多台计算机时,由于某个原因想重启系统,但可能重启的是错误的系统,而不是实际的系统。
如果是非生产服务器,没问题。但如果你同时重启一台重要的生产服务器,就要考虑清楚情况。本人不小心重启过几次。
这种情况下,如何防止意外关闭或重启Linux系统呢?
没错,我们有一些方法可以防止这种情况,下面作详细介绍。
方法1:如何使用molly-guard实用程序防止在Linux上意外关闭或重启
molly-guard这个简单的应用程序通过询问主机名来保护机器免受意外关闭和重启。 molly-guard主要用于保护SSH连接。
它仅适用于基于Debian的系统,该项目已有多年未更新,但仍可以正常使用。
molly-guard如何工作?molly-guard安装shell脚本,该脚本覆盖现有的shutdown、restart、halt和poweroff等命令。
它运行/etc/molly-guard/run.d/中一组可用的脚本,在molly-guard执行实际命令之前,所有脚本都需要成功退出(它有几道检查机制)。
脚本先检查是否从SSH执行命令。如果是,shell脚本提示你输入要执行该功能的主机名,以防止意外关闭和重启。
molly-guard将实际的二进制文件转移到/lib/molly-guard/。你可以通过直接运行那些二进制文件来绕过molly-guard。
如何在Debian/Ubuntu上安装molly-guard?
正如本文开头所说,molly-guard应用程序仅适用于基于Debian的系统。使用apt命令或apt-get命令来安装。
- $ sudo apt install molly-guard
使用molly-guard创建测试用例
我会执行重启和关闭命令,检查molly-guard应用程序是否按预期运行。
- $ sudo reboot
- W: molly-guard: SSH session detected!
- Please type in hostname of the machine to reboot: ^C
- Good thing I asked; I won't reboot ubuntu.daygeek ...
被关闭后停止或关机。
- $ sudo shutdown -h now
- W: molly-guard: SSH session detected!
- Please type in hostname of the machine to shutdown: ^C
- Good thing I asked; I won't shutdown ubuntu.daygeek ...
停止系统。
- $ sudo halt
- W: molly-guard: SSH session detected!
- Please type in hostname of the machine to halt: ^C
- Good thing I asked; I won't halt ubuntu.daygeek ...
关闭系统。
- $ sudo poweroff
- W: molly-guard: SSH session detected!
- Please type in hostname of the machine to poweroff: ^C
- Good thing I asked; I won't poweroff ubuntu.daygeek ...
说明:molly-guard应用程序无法阻止systemctl shutdown和systemctl reboot命令。
方法2:如何使用systemd定制服务防止在Linux上意外关闭或重启
为此,创建定制服务来阻止shutdown/restart命令。
创建下列单元文件:
- # vi /etc/systemd/system/reboot-guard.service
- [Unit]
- Description=Reboot Guard
- [Service]
- ExecStart=/bin/true
- [Install]
- RequiredBy=shutdown.target
单元文件-2:
- # /etc/systemd/system/start-reboot-guard.service
- [Unit]
- Description=Start Reboot Guard
- [Service]
- ExecStart=/bin/systemctl enable reboot-guard
- [Install]
- WantedBy=multi-user.target
运行下列systemctl命令以激活reboot-guard服务。
- # systemctl daemon-reload
- # systemctl enable reboot-guard start-reboot-guard
- Created symlink /etc/systemd/system/shutdown.target.requires/reboot-guard.service → /etc/systemd/system/reboot-guard.service.
- Created symlink /etc/systemd/system/multi-user.target.wants/start-reboot-guard.service → /etc/systemd/system/start-reboot-guard.service.
使用reboot-guard服务创建测试用例。
针对重启
- # systemctl reboot
- Failed to reboot system via logind: Transaction contains conflicting jobs 'stop' and 'start' for shutdown.target. Probably contradicting requirement dependencies configured.
- Failed to start reboot.target: Transaction contains conflicting jobs 'stop' and 'start' for shutdown.target. Probably contradicting requirement dependencies configured.
- See system logs and 'systemctl status reboot.target' for details.
针对关机
- # systemctl poweroff
- Failed to power off system via logind: Transaction contains conflicting jobs 'stop' and 'start' for poweroff.target. Probably contradicting requirement dependencies configured.
- Failed to start poweroff.target: Transaction contains conflicting jobs 'stop' and 'start' for poweroff.target. Probably contradicting requirement dependencies configured.
- See system logs and 'systemctl status poweroff.target' for details.
至于reboot、init 0和init 6之类的老式工具,我没看到什么影响,但shutdown命令显示了下列输出。然而,这其实并不关闭系统。
- # reboot
- # init 6
- # poweroff
- # init 0
- # shutdown
- Shutdown scheduled for Sun 2019-11-10 21:59:17 IST, use 'shutdown -c' to cancel.
运行下列命令,启用shutdown/restart命令。
- # systemctl disable reboot-guard
参考:Red Hat网页。
方法3:如何使用reboot-guard实用程序防止在Linux上意外关闭或重启
阻止systemd启动的poweroff/reboot/halt目标,直到可配置条件检查通过。
它只与Python 2兼容,所以确保你在系统上安装了Python 2。我在CentOS 8上进行了测试,系统之前未安装Python 2,于是我安装了。
将reboot-guard实用程序下载到“/usr/sbin”目录下。
- # cd /usr/sbin
- # curl -kO https://raw.githubusercontent.com/ryran/reboot-guard/master/rguard
- # chmod +x rguard
运行下列命令,让rguard实用程序能够阻止reboot/shutdown。
- # rguard -1
- WARNING: ☹ Blocked poweroff.target
- WARNING: ☹ Blocked reboot.target
- WARNING: ☹ Blocked halt.target
创建rguard应用程序的测试用例。
针对重启
- # systemctl reboot
- Failed to reboot system via logind: Operation refused, unit reboot.target may be requested by dependency only (it is configured to refuse manual start/stop).
- Failed to start reboot.target: Operation refused, unit reboot.target may be requested by dependency only (it is configured to refuse manual start/stop).
- See system logs and 'systemctl status reboot.target' for details.
针对关机
- # systemctl poweroff
- Failed to power off system via logind: Operation refused, unit poweroff.target may be requested by dependency only (it is configured to refuse manual start/stop).
- Failed to start poweroff.target: Operation refused, unit poweroff.target may be requested by dependency only (it is configured to refuse manual start/stop).
- See system logs and 'systemctl status poweroff.target' for details.
至于reboot、init 0和init 6之类的老式工具,我没看到什么影响,但shutdown命令显示了下列输出。然而,这其实并不关闭系统。
- # reboot
- # init 6
- # poweroff
- # init 0
- # shutdown
- Shutdown scheduled for Sun 2019-11-10 23:46:24 IST, use 'shutdown -c' to cancel.
运行下列命令以禁用rguard实用程序。
- # rguard -0
- WARNING: ☻ Unblocked poweroff.target
- WARNING: ☻ Unblocked reboot.target
- WARNING: ☻ Unblocked halt.target
方法4:如何使用systemctl命令防止在Linux上意外关闭或重启
此外,可以使用systemctl命令来掩盖服务。掩盖服务可阻止服务被人工或自动启动。
掩盖下列单元以阻止意外重启/关闭。
- # systemctl mask reboot.target
- Created symlink /etc/systemd/system/reboot.target → /dev/null.
- # systemctl mask poweroff.target
- Created symlink /etc/systemd/system/poweroff.target → /dev/null.
- # systemctl mask halt.target
- Created symlink /etc/systemd/system/halt.target → /dev/null.
针对重启 mctl reboot
- Failed to reboot system via logind: Access denied
- Failed to start reboot.target: Unit reboot.target is masked.
- # syste
针对关机
- # systemctl poweroff
- Failed to power off system via logind: Access denied
- Failed to start poweroff.target: Unit poweroff.target is masked.
至于reboot、poweroff、init 0和init 6之类的老式工具,我没看到什么影响,但shutdown命令显示了下列输出。然而,这其实并不关闭系统。
- # reboot
- # init 6
- # poweroff
- # init 0
- # shutdown
- Shutdown scheduled for Sun 2019-11-10 23:59:09 IST, use 'shutdown -c' to cancel.
运行下列命令来启用它们。
- # systemctl unmask reboot.target
- Removed /etc/systemd/system/reboot.target.
- # systemctl unmask poweroff.target
- Removed /etc/systemd/system/poweroff.target.
- # systemctl unmask halt.target
- Removed /etc/systemd/system/halt.target.
方法5:如何使用alias命令防止在Linux上意外关闭或重启
此外,可以创建一个别名来阻止这种情况。
- # vi .bashrc
- alias reboot="echo -e 'Is \033[1;31m$HOSTNAME\033[0m the correct hostname you want to restart?' If yes, run /sbin/reboot"
- alias shutdown="echo -e 'Is \033[1;31m$HOSTNAME\033[0m the correct hostname you want to shutdown?' If yes, run /sbin/shutdown"
运行下列命令使这个变更生效。
- # source .bashrc
现在测试这些命令,静观结果。
- # shutdown
- Is CentOS6.2daygeek.com the correct hostname you want to shutdown? If yes, run /sbin/shutdown
- # reboot
- Is CentOS6.2daygeek.com the correct hostname you want to restart? If yes, run /sbin/reboot
原文标题:5 Methods to Avoid or Prevent Accidental Shutdown or Reboot on Linux,作者:Magesh Maruthamuthu
【51CTO译稿,合作站点转载请注明原文译者和出处为51CTO.com】
